TIL ANDROID_ID and who comes up with this malicious shit? Does GrapheneOS do anything reasonable to fix it?
On Android 8+, it's based on a secret generated for each profile and made into an app-specific value based on the app signing key. Apps can implement their own ANDROID_ID via the app-specific external storage directory, unless scoped storage is being used, which clears that on uninstall.
The malicious part is that it persists across uninstall. Couldn't the app-specific value just be randomly generated on install rather than derived, with no way for the app to tell you faked it that way?
It's a bit more complicated than that due to apps with the same signature being able to act as a multi-part app. So for example, if you install ExampleKeyboard and ExampleKeyboardTheme signed with the same signature, those have the same ANDROID_ID. We probably don't want to break this.
My leaning would be just break it, but you could just randomly generate an ANDROID_ID for each signature (reusing existing one for already-present sig) and delete it when refcnt for that signature reaches zero.
That's our planned implementation. We just haven't gotten around to it yet. It's possible that we could just set it to a random value on app install without any real world breakage but it would be nice to only make it non-persistent without breaking that part of the defined API.
As far as I know, ANDROID_ID is primarily used by apps to implement software licensing schemes. It's to force you to pay for a license on each device. They presumably need to have a way for users to transfer licenses so it not being persistent shouldn't cause much trouble.
android.googlesource.com/platform/frame
Making it random per app installation could be done by replacing all this code for generating it from the parameters with `new SecureRandom().nextLong()`. Could first query for apps with the same signing key and reuse it if there's already one for them.
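
The scheme discussed in this thread (a random ID per signing key, reused while any app with that signature is installed and dropped when the reference count reaches zero), as an added sketch that is not part of the thread and not GrapheneOS or AOSP code. `PerSignerIdStore`, its method names, and the package and signer values are hypothetical, and the per-profile dimension is left out.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Simplified model, not framework code: class and method names are hypothetical.
public class PerSignerIdStore {
    private static final class Entry {
        final long id;
        int refCount;
        Entry(long id) { this.id = id; }
    }

    private final SecureRandom random = new SecureRandom();
    // Keyed by a digest of the signing certificate (a plain string in this model).
    private final Map<String, Entry> bySigner = new HashMap<>();
    private final Map<String, String> signerOfPackage = new HashMap<>();

    // Install: reuse the ID if another app with this signer is already present.
    public synchronized long onInstall(String pkg, String signerDigest) {
        String previous = signerOfPackage.get(pkg);
        if (previous != null) {
            if (previous.equals(signerDigest)) return bySigner.get(previous).id; // app update
            onUninstall(pkg); // signer changed: drop the old reference first
        }
        Entry e = bySigner.computeIfAbsent(signerDigest, k -> new Entry(random.nextLong()));
        e.refCount++;
        signerOfPackage.put(pkg, signerDigest);
        return e.id;
    }

    // Uninstall: forget the ID once the last app for that signer is gone.
    public synchronized void onUninstall(String pkg) {
        String signer = signerOfPackage.remove(pkg);
        if (signer == null) return;
        Entry e = bySigner.get(signer);
        if (--e.refCount == 0) bySigner.remove(signer);
    }

    public static void main(String[] args) {
        PerSignerIdStore store = new PerSignerIdStore();
        long kb = store.onInstall("com.example.keyboard", "sig-A"); // constructed values
        long theme = store.onInstall("com.example.keyboard.theme", "sig-A");
        System.out.println("shared while both installed: " + (kb == theme));
        store.onUninstall("com.example.keyboard");
        store.onUninstall("com.example.keyboard.theme");
        long again = store.onInstall("com.example.keyboard", "sig-A");
        System.out.println("fresh after full uninstall: " + (again != kb));
    }
}
```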

